Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg

dsadd (new in WS2003)

Adds users, groups, and other objects to Active Directory and configures AD quotas.

Syntax

dsadd command switches [{-s Server|-d Domain}] [-u UserName]
[-p {Password|*}] [-q] [-desc Description]

Options

command

Any dsadd command (see later list).

switches

Various switches that go with each command (see later list).

{-s Server | -d Domain}

Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).

[-u UserName] [-p {Password | *}]

Credentials for running the command. Specify UserName as domain\user or user@domain. If -p *, prompts for password.

-q

Runs in quiet mode to suppress standard output of command.

-desc Description

Specifies the description for the object.

Commands

Here is a list of supported dsadd commands with a brief description of their syntax (only the most commonly used switches are described):

dsadd computer ComputerDN

Adds a computer account to Active Directory with distinguished name ComputerDN.

dsadd contact ContactDN [-fn FirstName] [-ln LastName] [-email Email]

Adds a contact to Active Directory with distinguished name ContactDN.

dsadd group GroupDN [-secgrp {yes | no}] [-scope {l | g | u}]

Adds a group to Active Directory with distinguished name GroupDN. The -secgrp yes option creates a security group (the default) while the -scope option creates either a local, global, or universal group (default is global).

dsadd ou OrganizationalUnitDN

Adds an organizational unit to Active Directory with distinguished name OrganizationalUnitDN.

dsadd quota -part PartitionDN [-rdn RelativeDistinguishedName] -acct SecurityPrincipalDN -qlimit Value

Configures an Active Directory quota for the security principal specified by -acct SecurityPrincipalDN, limiting how many directory objects the security principal can own in the specified partition. To specify an unlimited quota, use -qlimit -1.

dsadd user UserDN [-upn UserPrincipalName] [-fn FirstName] [-ln LastName] [-display DisplayName] [-pwd {Password | *}] [-memberof Group;...] [-tel PhoneNumber] [-email Email] [-title Title] [-company Company] [-hmdir HomeDirectory] [-profile ProfilePath] [-pwdneverexpires {yes | no}] ...

Adds a user to Active Directory with distinguished name UserDN and properties specified by switches (there are many more).

Examples

Create a new computer account for the workstation DESK155 in the Sales organizational unit of the mtit.local domain using the Administrator account for that domain:

dsadd computer CN=DESK155,OU=Sales,DC=mtit,DC=local -u Administrator -p *
Enter Password:**********
dsadd succeeded:CN=DESK155,OU=Sales,DC=mtit,DC=local

If you open Active Directory Users and Computers, you can see the new computer account in the Sales OU.

Create a new domain local group named Human Resources in the Sales OU of mtit.local:

dsadd group "CN=Human Resources,OU=Sales,DC=mtit,DC=local" -scope l
dsadd succeeded:CN=Human Resources,OU=Sales,DC=mtit,DC=local

Note the quotation marks in the example (required due to the space in the group name).

Create the user Bob Jones and add him to the Human Resources group:

dsadd user CN=bjones,OU=Sales,DC=mtit,DC=local -upn bjones@mtit.local -fn Bob -ln Jones -display "Bob Jones" -pwd Passw0rd -email bjones@mtit.com -memberof "CN=Human Resources,OU=Sales,DC=mtit,DC=local"
dsadd succeeded:CN=bjones,OU=Sales,DC=mtit,DC=local
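
A variant of the Bob Jones example that keeps the initial password off the command line and then sets a directory quota for the new account. This is an added example, not from the book. The -mustchpwd switch and the dsget check are among the "many more" switches not listed above, the quota limit of 25 is a constructed value, and the script assumes dsadd returns a nonzero exit code on failure.

```batch
@echo off
rem Added example (not from the book). Run from a command prompt with rights
rem to create objects in the Sales OU of mtit.local.
rem Constructed for illustration: the quota limit of 25.
setlocal
set "SALES_OU=OU=Sales,DC=mtit,DC=local"
set "USER_DN=CN=bjones,%SALES_OU%"

rem -pwd * prompts for the initial password, so it is never stored in the
rem script file or typed on the command line.
rem -mustchpwd yes makes the user replace it at first logon.
rem -pwdneverexpires no keeps the account under the domain password policy.
dsadd user "%USER_DN%" -upn bjones@mtit.local -fn Bob -ln Jones ^
    -display "Bob Jones" -email bjones@mtit.com -pwd * -mustchpwd yes ^
    -pwdneverexpires no -memberof "CN=Human Resources,%SALES_OU%"
if errorlevel 1 goto fail

rem Limit how many directory objects this account can own in the domain
rem partition (25 is a constructed value; -qlimit -1 would mean unlimited).
dsadd quota -part DC=mtit,DC=local -acct "%USER_DN%" -qlimit 25
if errorlevel 1 goto fail

rem Read the account flags back to confirm what was actually written.
dsget user "%USER_DN%" -mustchpwd -pwdneverexpires -disabled
if errorlevel 1 goto fail

echo Provisioning of %USER_DN% completed.
exit /b 0

:fail
echo A directory command failed for %USER_DN%; review the output above. 1>&2
exit /b 1
```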

Notes

If you omit the distinguished name of the object you are creating, it is obtained from standard input (STDIN), i.e., the keyboard, a redirected file, or piped output from another command. Use Ctrl-Z to indicate the end-of-file character for STDIN.

See Also

Active Directory, dsget, dsmod, dsmove, dsquery, dsrm, Groups, Users